Assessing Network Security: Testing Your Defenses


Document information

[...] ... otherwise. Computer and network security is both dynamic and relative. However, you can do a lot to improve the security of your network by taking the offensive rather than waiting for someone to prove your network is not secure, and that is what this book is about.

Role of Security Assessments in Network Security

Most information security is handled...

application defensive security measures have been since the previous security update. Performing a security assessment might also reveal unexpected weaknesses in your organization’s security. These are just a few of the roles that security assessments have in network security. The bottom line is that security assessments will help you ensure that network security won’t fail. Defensive security measures alone...

will uncover your organization’s true security posture, that is, its ability to change over time to handle the demands of new threats and alterations to the network. A security assessment can serve many different roles in network security. You can perform security assessments to find either common mistakes or computers that do not have the latest security patches installed. You can perform security assessments...

penetration testing or any other type of security assessment should not be used as a substitute for the act of designing and building security or any defensive security measure. Furthermore, although the findings of a single security assessment might reveal invaluable information to assist you in securing your organization’s network, security assessments should never be one-time events. For security assessments...

measures alone just can’t do that.

Why Does Network Security Fail?

So why does network security fail? This is a fundamental question that a security specialist must ask, especially when planning or performing a security assessment. When you assess security, you investigate many different areas of potential security failure. In short, you are looking...

together, you will become a more effective security professional. Enjoy!

—Kevin Lam, David LeBlanc, and Ben Smith
April 2004

Who Should Read This Book

If you are a penetration tester, network administrator, or IT manager interested in improving security with your clients or within your organization proactively, this book is for you. For years now, once networks were running, security has been a reactive effort...

Vectors; Countermeasures; Frequently Asked Questions; 19 Network Sniffing; Understanding Network Sniffing; Debunking Network Sniffing Myths; Myth #1: An Attacker Can Remotely Sniff Networks; Myth #2: Switches Are Immune to Network Sniffing Attacks; Detecting Network Sniffing Threats; Manual Detection; Reviewing Network Architecture; Monitoring DNS Queries; Measuring...

Foreword

Probably the most obvious question a prospective reader (one with at least passing familiarity with the computer security book genre) might ask about Assessing Network Security is: Why does the world need yet another network security pen-testing book? The answer, it turns out, is refreshingly obvious: This book contains a tremendous trove of quality information from authentic practitioners...

“Planning and Performing Security Assessments” Chapters 1 through 7 cover the planning and preparation for successful security assessments. How do you plan for security assessments? When should you use vulnerability scanning, penetration testing, or IT security audits? What things should you consider when you are planning each? How can you present your results to management...

Simply put, security professionals do not have the evolved set of tools and the depth and breadth of experience that are available to our network administrator colleagues. Consequently, answering the question “How secure is my network?” is much more difficult than answering “How well is my DHCP server running?” This book will help you answer that question of how to assess the security of your network, ...

Planning and Performing Security Assessments; 1 Introduction to Performing Security Assessments; Role of Security Assessments in Network Security; Why Does Network Security Fail?; Human.

Planning and Performing Security Assessments; Introduction to Performing Security Assessments; Key Principles of Security; Using Vulnerability Scanning to Assess Network Security; Conducting.

Penetration Test; Performing IT Security Audits; Reporting Your Findings; Building and Maintaining Your Security Assessment Skills; Part II Penetration Testing for Nonintrusive Attacks

Date posted: 03/06/2014, 01:20

Table of contents

  • Cover
  • Copyright
  • Dedication
  • Contents at a Glance
  • Table of Contents
  • Acknowledgments
  • Foreword
  • Introduction
  • Part I Planning and Performing Security Assessments
    • Chapter 1 Introduction to Performing Security Assessments
      • Role of Security Assessments in Network Security
      • Why Does Network Security Fail?
        • Human Factors
        • Policy Factors
        • Misconfiguration
        • Poor Assumptions
        • Ignorance
        • Failure to Stay Up-to-Date
      • Types of Security Assessments
        • Vulnerability Scanning
        • Penetration Testing
        • IT Security Auditing
      • Frequently Asked Questions
    • Chapter 2 Key Principles of Security
      • Making Security Easy
        • Keeping Services Running
        • Allowing the Right Users Access to the Right Information
